shiro权限注解

一、注解解释

@RequiresAuthentication

表示subject已经通过登录验证，才可使用

@RequiresUser

表示subject已经身份验证或者通过记住我登录，才可使用

@RequiresGuest

表示subject没有身份验证或通过记住我登录过，即是游客身份，才可使用

@RequiresRoles(value={“admin”, “user”}, logical=Logical.AND)

表示subject需要xx（value）角色，才可使用

@RequiresPermissions (value={“user:a”, “user:b”},logical= Logical.OR)

表示subject需要xxx（value）权限，才可使用

二、示例

1、代码

注：连接均是可被匿名访问，控制器均是直接调用服务方法

服务

@Service
public class ShiroService {

    /**
     * 表示subject已经通过登录验证
     */
    @RequiresAuthentication
    public void testRequiresAuthentication(){
        System.out.println("testRequiresAuthentication");
    }
    /**
     * 表示subject已经身份验证或者通过记住我登录
     */
    @RequiresUser
    public void testRequiresUser(){
        System.out.println("testRequiresUser");
    }
    /**
     * 表示subject没有身份验证或通过记住我登录过，即是游客身份
     */
    @RequiresGuest
    public void testRequiresGuest(){
        System.out.println("testRequiresGuest");
    }
    /**
     * 表示subject需要admin角色
     */
    @RequiresRoles(value = {"admin"},logical = Logical.AND)
    public void testRequiresRoles(){
        System.out.println("testRequiresRoles");
    }
    /**
     * 表示subject需要权限user:create
     */
    @RequiresPermissions(value = {"user:create"},logical = Logical.AND)
    public void testRequiresPermissions(){
        System.out.println("testRequiresPermissions");
    }
}

2、不同情况下访问效果

1）未登录状态下访问

testRequiresAuthentication
异常

org.apache.shiro.authz.UnauthenticatedException: The current Subject is not authenticated.  Access denied.

testRequiresUser
异常

org.apache.shiro.authz.UnauthenticatedException: Attempting to perform a user-only operation.  The current Subject is not a user (they haven't been authenticated or remembered from a previous login).  Access denied.

testRequiresGuest
通过

testRequiresRoles
异常

org.apache.shiro.authz.UnauthenticatedException: This subject is anonymous - it does not have any identifying principals and authorization operations require an identity to check against.  A Subject instance will acquire these identifying principals automatically after a successful login is performed be executing org.apache.shiro.subject.Subject.login(AuthenticationToken) or when 'Remember Me' functionality is enabled by the SecurityManager.  This exception can also occur when a previously logged-in Subject has logged out which makes it anonymous again.  Because an identity is currently not known due to any of these conditions, authorization is denied.

testRequiresPermissions
异常

org.apache.shiro.authz.UnauthenticatedException: This subject is anonymous - it does not have any identifying principals and authorization operations require an identity to check against.  A Subject instance will acquire these identifying principals automatically after a successful login is performed be executing org.apache.shiro.subject.Subject.login(AuthenticationToken) or when 'Remember Me' functionality is enabled by the SecurityManager.  This exception can also occur when a previously logged-in Subject has logged out which makes it anonymous again.  Because an identity is currently not known due to any of these conditions, authorization is denied.

2）登录user用户（user角色）状态下访问

testRequiresAuthentication
通过

testRequiresUser
通过

testRequiresGuest
异常

org.apache.shiro.authz.UnauthenticatedException: Attempting to perform a guest-only operation.  The current Subject is not a guest (they have been authenticated or remembered from a previous login).  Access denied.

testRequiresRoles
异常

org.apache.shiro.authz.UnauthorizedException: Subject does not have role [admin]

testRequiresPermissions
异常

org.apache.shiro.authz.UnauthorizedException: Subject does not have permission [user:create]

3）登录admin用户（user、admin角色）状态下访问

testRequiresAuthentication
通过

testRequiresUser
通过

testRequiresGuest
异常

org.apache.shiro.authz.UnauthenticatedException: Attempting to perform a guest-only operation.  The current Subject is not a guest (they have been authenticated or remembered from a previous login).  Access denied.

testRequiresRoles
通过

testRequiresPermissions
异常

org.apache.shiro.authz.UnauthorizedException: Subject does not have permission [user:create]

这篇好文章是转载于：学新通技术网